I have been using IPFire for some years now, but so far I do not feel confident in its operation and in problem analysis.
Currently I am running IPFire 2.27 (x86_64) - Core-Update 180.
For a few days now, my WiFi Sound Touch systems (Bose) have not been able to connect (stream) from/to radio stations. I have already tried many things.
If I physically remove the firewall (IPFire) and connect the cable router directly to the home network then the WiFi Sound Touch systems work.
Actually I use IPFire to have a separate IP address range at home for the house installation (so the DHCP server) and I use the block lists. I have not implemented any firewall rules. Does anyone have an idea how I can analyze and solve the problem?
Thanks - Reinhard
Hello @reinhard, welcome to the community. Was your Bose WiFi Sound Touch system working with IPFire before encountering this issue? If yes, try disabling all block lists to see if that resolves the issue.
To further investigate, access the console and run the following command:
tail -f /var/log/messages
This will continuously monitor system logs. Attempt to stream a web radio station and observe any new log entries. Paste those entries here for analysis. To stop monitoring, press Ctrl-c.
Try to make a connection with your Bose device.
Then check your firewall logs to see what was blocked that was trying to connect to your device.
Note the port and source IP.
Hello @cfusco
Question:
Was your Bose WiFi Sound Touch system working with IPFire before encountering this issue?
Answer - Yes
If yes, try disabling all block lists to see if that resolves the issue.
I already disabled all blocklists this morning, but this did not resolve the issue.
Now the test:
During the day I enabled some blocklists again.
I ran the test from → 192.168.50.21 SoundTouch-Gaestezimmer (trying to connect to an Internet radio)
and we get three lines with this IP in the log.
[root@ipfire ~]# tail -f /var/log/messages
Oct 31 18:22:29 ipfire dhcpd: DHCPREQUEST for 192.168.50.11 from e0:91:53:9f:2f:a4 via green0
Oct 31 18:22:29 ipfire dhcpd: DHCPACK on 192.168.50.11 to e0:91:53:9f:2f:a4 via green0
Oct 31 18:24:36 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:97:19:01:00:8a:a8:b5:7c:da:09:d5:08:00 SRC=192.168.50.205 DST=35.212.6.214 LEN=83 TOS=0x00 PREC=0x00 TTL=63 ID=52745 DF PROTO=TCP SPT=44562 DPT=443 WINDOW=170 RES=0x00 ACK PSH URGP=0
Oct 31 18:24:36 ipfire kernel: DROP_CTINVALID IN=green0 OUT=red0 MAC=00:97:19:01:00:8a:a8:b5:7c:da:09:d5:08:00 SRC=192.168.50.205 DST=35.212.6.214 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=52746 DF PROTO=TCP SPT=44562 DPT=443 WINDOW=170 RES=0x00 ACK RST URGP=0
Oct 31 18:26:27 ipfire dhcpd: DHCPDISCOVER from 20:c3:8f:8a:f0:61 via green0
Oct 31 18:26:27 ipfire dhcpd: DHCPOFFER on 192.168.50.21 to 20:c3:8f:8a:f0:61 via green0
Oct 31 18:26:27 ipfire dhcpd: DHCPREQUEST for 192.168.50.21 (192.168.50.1) from 20:c3:8f:8a:f0:61 via green0
Oct 31 18:26:27 ipfire dhcpd: DHCPACK on 192.168.50.21 to 20:c3:8f:8a:f0:61 via green0
Oct 31 18:26:32 ipfire dhcpd: DHCPREQUEST for 192.168.50.46 from 00:1a:22:0c:c0:dc via green0
Oct 31 18:26:32 ipfire dhcpd: DHCPACK on 192.168.50.46 to 00:1a:22:0c:c0:dc via green0
Oct 31 18:26:56 ipfire dhcpd: DHCPREQUEST for 192.168.50.22 from 74:da:ea:c1:72:07 via green0
Oct 31 18:26:56 ipfire dhcpd: DHCPACK on 192.168.50.22 to 74:da:ea:c1:72:07 via green0
Oct 31 18:27:29 ipfire dhcpd: DHCPREQUEST for 192.168.50.24 from 20:c3:8f:8c:79:87 via green0
Oct 31 18:27:29 ipfire dhcpd: DHCPACK on 192.168.50.24 to 20:c3:8f:8c:79:87 via green0
^C
These are my SoundTouch systems:
192.168.50.20 SoundTouch-Arbeiterkammer
192.168.50.21 SoundTouch-Gaestezimmer
192.168.50.22 SoundTouch-Flur
192.168.50.23 SoundTouch-Wohnzimmer
192.168.50.24 SoundTouch-A-Kueche
Based on the provided log, the Bose SoundTouch system with IP address 192.168.50.21 did successfully get an IP address from the IPFire DHCP server. The logs indicate a DHCPACK (DHCP Acknowledgment) for this IP, which means the DHCP server has acknowledged and approved the IP address for the device.
However, there are no specific log entries indicating issues with connectivity to radio stations for this device. The log does contain some dropped packets with the ‘DROP_NEWNOTSYN’ and ‘DROP_CTINVALID’ flags but these are for a different IP address (192.168.50.205), and are not directly related to the SoundTouch systems.
Are you sure that you do not see anything else while attempting to stream a radio station?
EDIT: Are the MAC addresses of your Bose system approved for internet use?
Since your Bose SoundTouch system was working with IPFire previously, I would tend to exclude that another potential issue could be related to the IGMP protocol, which is also commonly used for IPTV services. However I will ask anyway, do you know if your sound system requires IGMPProxy on your IPFire?
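The check done by eye in the reply above (which source address do the `DROP_` lines belong to?) can be scripted. This is an added example, not part of the original thread; the function names `drops_for` and `sample_log` are hypothetical, and the sample lines are copied from the log posted above.

```shell
#!/bin/sh
# Added example: summarise kernel firewall drops that involve watched hosts.
# Reads syslog-style lines on stdin, prints "count chain src dst proto dpt".
drops_for() {
    # $1 = space-separated list of IPv4 addresses to watch
    awk -v watch="$1" '
    BEGIN { n = split(watch, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
    / kernel: DROP_/ {
        chain = src = dst = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^DROP_/)       chain = $i
            else if ($i ~ /^SRC=/)   src = substr($i, 5)
            else if ($i ~ /^DST=/)   dst = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt = substr($i, 5)
        }
        # Count the drop if a watched host is the source or the destination.
        if ((src in want) || (dst in want))
            seen[chain " " src " " dst " " proto " " dpt]++
    }
    END { for (k in seen) print seen[k], k }' | sort -rn
}

# Sample input: lines taken from the /var/log/messages excerpt in this thread.
sample_log() {
    cat <<'EOF'
Oct 31 18:24:36 ipfire kernel: DROP_NEWNOTSYN IN=green0 OUT=red0 MAC=00:97:19:01:00:8a:a8:b5:7c:da:09:d5:08:00 SRC=192.168.50.205 DST=35.212.6.214 LEN=83 TOS=0x00 PREC=0x00 TTL=63 ID=52745 DF PROTO=TCP SPT=44562 DPT=443 WINDOW=170 RES=0x00 ACK PSH URGP=0
Oct 31 18:24:36 ipfire kernel: DROP_CTINVALID IN=green0 OUT=red0 MAC=00:97:19:01:00:8a:a8:b5:7c:da:09:d5:08:00 SRC=192.168.50.205 DST=35.212.6.214 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=52746 DF PROTO=TCP SPT=44562 DPT=443 WINDOW=170 RES=0x00 ACK RST URGP=0
Oct 31 18:26:27 ipfire dhcpd: DHCPACK on 192.168.50.21 to 20:c3:8f:8a:f0:61 via green0
EOF
}

# The five SoundTouch addresses listed in the thread.
SOUNDTOUCH="192.168.50.20 192.168.50.21 192.168.50.22 192.168.50.23 192.168.50.24"
echo "SoundTouch drops:";       sample_log | drops_for "$SOUNDTOUCH"
echo "192.168.50.205 drops:";   sample_log | drops_for "192.168.50.205"
# On the firewall itself: drops_for "$SOUNDTOUCH" < /var/log/messages
```

An empty result for the SoundTouch list means the kernel logged no dropped packet to or from those devices in the lines examined, so the cause has to be looked for elsewhere.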
Hello @cfusco,
Question: Are you sure that you do not see anything else while attempting to stream a radio station?
This Bose SoundTouch system has a very small display, and during this streaming test I sometimes see a short message that it is streaming a title, but a little later I get the message → Wählen sie ein Preset oder erkunden Sie Musik in Ihrer Sound Touch App – Choose a preset or explore music in your Sound Touch app.
Question:
Are the MAC addresses of your Bose system for internet use?
I think the MAC address should have been registered with Bose during the registration process for this Bose SoundTouch system, if I remember right (it has now been working for more than 5 years).
Hello @cfusco,
I have never read the words IGMP protocol or IGMPProxy.
I have never actively configured such an IGMPProxy in IPFire.
Greetings from Reinhard
Hello @hvacguy,
In the web interface for logs in IPFire I have found nothing. Maybe I have to activate the log?
I have never created a port rule until now. Maybe I can learn it?
Greetings from Reinhard
For the Bose SoundTouch system to connect, you need to register its MAC address in IPFire’s Web User Interface under /Firewall/Blue access (it won’t happen automatically). This will allow the device to access the network. This type of MAC address filtering typically does not generate log entries, which aligns with what you’re observing in your logs.
It’s possible that a firmware update changed the MAC address, causing the issue. If you’ve already registered the MAC address and are still experiencing problems, I have no further suggestions at this time.
Hello @hvacguy,
I have tried to understand how to open a port, and I have inserted many firewall rules based on the recommendation from Bose. The result was that my Internet was blocked completely, also in the web browser. The Bose SoundTouch was also not running successfully. Maybe I have done this wrong.
Are you able to see a possible mistake in my screenshot?
Currently I have deactivated all firewall rules, so that the other parts of my installation are online again.
Hello @cfusco ,
I have not configured the blue zone; I have only the red zone and the green zone active.
My wireless access points are all in the green zone.
Is it in this case also necessary to add the MAC address for the blue zone?
Can I try it?
Greetings from Reinhard
Your firewall rules are messed up.
Any to "ip in green".
I would deactivate all of them.
You want to try and make a connection.
Then look in the logs for anything that is being blocked; then you will see the ports and from where.
Then you can make a firewall rule.
I have a stupid IoT device that tries to make a connection from red to green.
This is blocked.
It would start to install, then it would fail.
So I made a rule to allow the remote IP to connect to that device on the port it needed.
Then it worked.
If you have multiple of these devices,
you will want to make a network group.
Then you can make a service group.
Then your firewall rules, if needed,
will look more like:
Source "any"
Destination "Bose network group"
Service group "Bose service"
But none of this is required if it is not being blocked in the first place.
So logs are very important.
What type of hardware are you using for your firewall?
Is your IPFire double NAT?
(behind another router)
If so, that will give you trouble.
You will need to put your IPFire in a DMZ or add firewall to the primary (edge) router.
A diagram of your network may help.
Hello @hvacguy
Yes, my IPFire is behind another router.
My Internet provider is Kabel Vodafone, the router is a Networkstation. From port 1 of the Networkstation there is an Ethernet cable going to IPFire (HW from TX-Team), red in and green out to an 8-port Gigabit switch from Digitus. I have then directly connected a QNAP NAS and a Gigacopper modem, and Devolo Power LAN going to the upper level. The WLAN is at the moment from Devolo Power LAN and a Ubiquiti AP.
This morning I activated, with my Vodafone account, that the Vodafone Station now works in bridge mode. I have rebooted IPFire to be sure. I hope that I now have no double NAT.
After this change my phone and also the web browser Internet access are OK. All firewall rules that I have tried are deleted.
I have tried to activate one of the Bose SoundTouch systems, but no music.
On the other side, I see on the display that the Bose SoundTouch is connected, maybe to the radio station “Antenne Brandenburg”, and is playing a song from the Beatles. But I do not get the music stream.
And I see nothing is blocked, only a DHCP handshake.
I have done a test with 192.168.50.21, but there is only this DHCP handshake.
Maybe you see more. I have also tried to play music from my iPhone SoundTouch app to 192.168.50.21.
This is what I see via → tail -f /var/log/messages
You are making progress.
The logs are more easily understood from the WUI.
Logs / Firewall logs.
Make sure your Time server is set and Bose unit has correct time sync.
EDIT: The above list would then look similar to this:
[root@ipfire ~]# tail -f /var/log/messages
Nov 3 06:15:09 ipfire last message repeated 4 times
Nov 3 06:16:38 ipfire last message repeated 2 times
Nov 3 06:17:40 ipfire dhcpd: DHCPDISCOVER from 20:c3:8f:8a:f0:61 via green0
Nov 3 06:17:40 ipfire dhcpd: DHCPOFFER on 192.168.50.21 to 20:c3:8f:8a:f0:61 via green0
Nov 3 06:17:40 ipfire dhcpd: DHCPREQUEST for 192.168.50.21 (192.168.50.1) from 20:c3:8f:8a:f0:61 via green0
Nov 3 06:17:40 ipfire dhcpd: DHCPACK on 192.168.50.21 to 20:c3:8f:8a:f0:61 via green0
Nov 3 06:18:18 ipfire last message repeated 2 times
Nov 3 06:18:25 ipfire unbound: [1582:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
Nov 3 06:18:25 ipfire Already on the latest version
Nov 3 06:18:50 ipfire dhcpd: reuse_lease: lease age 647 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.50.182
Nov 3 06:18:50 ipfire dhcpd: DHCPREQUEST for 192.168.50.182 from c8:d7:78:58:6f:e9 (siemens-coffeemaker-713020385905003626) via green0
Nov 3 06:18:50 ipfire dhcpd: DHCPACK on 192.168.50.182 to c8:d7:78:58:6f:e9 (siemens-coffeemaker-713020385905003626) via green0
Nov 3 06:19:33 ipfire dhcpd: DHCPREQUEST for 192.168.50.45 from 74:ac:b9:29:a7:c0 via green0
Nov 3 06:19:33 ipfire dhcpd: DHCPACK on 192.168.50.45 to 74:ac:b9:29:a7:c0 via green0
Nov 3 06:19:36 ipfire dhcpd: DHCPREQUEST for 192.168.50.12 from c4:65:16:3e:27:38 via green0
Nov 3 06:19:36 ipfire dhcpd: DHCPACK on 192.168.50.12 to c4:65:16:3e:27:38 via green0
Nov 3 06:19:38 ipfire last message repeated 3 times
Nov 3 06:19:44 ipfire last message repeated 3 times
Nov 3 06:19:51 ipfire last message repeated 2 times
Nov 3 06:21:56 ipfire dhcpd: DHCPREQUEST for 192.168.50.205 from a8:b5:7c:da:09:d5 (RokuStreamingStick4K) via green0
Nov 3 06:21:56 ipfire dhcpd: DHCPACK on 192.168.50.205 to a8:b5:7c:da:09:d5 (RokuStreamingStick4K) via green0
Nov 3 06:21:56 ipfire unbound: [1582:0] info: service stopped (unbound 1.18.0).
Nov 3 06:21:56 ipfire unbound: [1582:0] info: server stats for thread 0: 1 queries, 0 answers from cache, 1 recursions, 0 prefetch, 0 rejected by ip ratelimiting
Nov 3 06:21:56 ipfire unbound: [1582:0] info: server stats for thread 0: requestlist max 0 avg 0 exceeded 0 jostled 0
Nov 3 06:21:56 ipfire unbound: [1582:0] info: average recursion processing time 0.094381 sec
Nov 3 06:21:56 ipfire unbound: [1582:0] info: histogram of recursion processing times
Nov 3 06:21:56 ipfire unbound: [1582:0] info: [25%]=0 median[50%]=0 [75%]=0
Nov 3 06:21:56 ipfire unbound: [1582:0] info: lower(secs) upper(secs) recursions
Nov 3 06:21:56 ipfire unbound: [1582:0] info: 0.065536 0.131072 1
Nov 3 06:21:56 ipfire unbound: [1582:0] notice: Restart of unbound 1.18.0.
Nov 3 06:21:56 ipfire unbound: [1582:0] notice: init module 0: validator
Nov 3 06:21:56 ipfire unbound: [1582:0] notice: init module 1: iterator
Nov 3 06:21:56 ipfire unbound: [1582:0] info: start of service (unbound 1.18.0).
Nov 3 06:22:25 ipfire dhcpd: DHCPREQUEST for 192.168.50.11 from e0:91:53:9f:2f:a4 via green0
Nov 3 06:22:25 ipfire dhcpd: DHCPACK on 192.168.50.11 to e0:91:53:9f:2f:a4 via green0
^C
Hello @Jon,
Thanks, I have changed my settings/options to make the log easier to read…
The challenge for me is, I see nothing dropped from Bose devices.
Maybe I have to dive deeper into this problem.
Thanks R.Kresin